Wednesday, 22 October 2014

Fake iTunes phishing blocked again...

Oh dear... iTunes email just coming in...

... but it's blocked by: Sanesecurity.Phishing.Fake.24204 which was added a day ago...

Here's one site's view of the situation... and its history over time...

Malware via Word documents

We seem to be receiving a few variants of Word documents at the moment, containing macros to download externally hosted malware.

 3 variants of these documents so far...

VirusTotal 1
VirusTotal 2
VirusTotal 3

I've added detection for all these types, in phish.ndb as:

Malware Detected as: Sanesecurity.Malware.24509.DocHeur

ClamAV 3rd Party signatures:
#clamav #sanesecurity #malware

Sample Subjects:

Commercial Debt Recovery, Ref No:
Industrial Invoices
Employee Documents - Internal Use